Slashdot Mirror
How Your Username May Betray You
An anonymous reader writes "By creating a distinctive username—and reusing it on multiple websites—you may be giving online marketers and scammers a simple way to track you. Four researchers from the French National Institute of Computer Science (INRIA) studied over 10 million usernames—collected from public Google profiles, eBay accounts, and several other sources. They found that about half of the usernames used on one site could be linked to another online profile, potentially allowing marketers and scammers to build a more complex picture the users."
Couldn't they already do this with cookies?
In other news.. the gentleman wielding the running chainsaw could probably kick you really hard with those steel toe bootsand maybe even poke you in the eye!
that my username won't betray me...
I thought this was the whole point of using a unique username. If I didn't want a unique identity, I wouldn't have created one for myself.
Seriously, that's almost precisely why I've the same username all over place (amusingly, almost except /.) - so that people who know me on one might recognise me on another.
I'd imagine that anyone with a desire to not let anyone know where else they go on the net already gets all their usernames out of pwgen or something.
I mean, we have to accept at some point that we are all in a public place. I for one don't want to have to live life online like a fugitive. Constantly changing my identity and browsing habits just to throw off marketers. And if you are smart you can easily avoid scammers by being more vigilant with your important information.
someone down named Analintruder?
"You'll get nothing, and you'll like it!"
As long as they can't link my username to my real name, I don't care. They can collect information about "some dude who goes by GameboyRMH" all they like.
"When information is power, privacy is freedom" - Jah-Wren Ryel
Hey slashdot, why don't you be ahead of the curve on this and let posters change their username associated with their comments once every few years. Also, being able to delete an occasional comment would be thoughtful too. It's not 1995 anymore on both accounts.
And the installed fonts, and the screen resolution and color depth and the dozens of other factors that combined allow you to be tracked.
Try this web site for an idea of how these factors can (in combination) uniquely identify you:
https://panopticlick.eff.org/
I see that my browser is unique among the 1.4 million tested, with 20 bits of identifying information. Knowing my user name isn't going to compromise my privacy all that much more, especially compared to how Facebook screws your privacy every day.
Or you don't see the advertisements in the first place because you use a proper browser with decent advertisement blocking. Either way, in this day and age, you can avoid pretty much every scam or advertisement with a little bit of common sense.
Umm . . . obvious, per chance? It seems to me that this is sort of . . . common sensical. Many people (myself included among that set) use a common username across multiple sites for that very reason mentioned in the article. To enable others to track us via our username. Of course, the intended audience is not the scammers -- oh, sorry, "marketers" -- but rather fellow hackers. But it's a double-edged sword. Perform an action, and the consequences will arrive, knocking on the door in the middle of the night. Welcome to the world, people.
Transparent.
Be at least 8 characters long. Have at least one upper and one lower case letter, a number, a symbol and an RGB code for your favorite color. Oh and change it every 6 months too.
Sorry about the mess.
And when they find me, how will I resist their clever and informative advertising?
I'm sure there must be plenty of marketeers scratching their heads trying to understand what's this "Anonymous Coward" guy's preferences.
Give it up. Privacy is gone.
Could we just move tautologies to idle? Or maybe we need a /. section called duh...
I work for a growing software company and I have basically used this technique for doing basic background checks on job applicants.
Back in about 2006 we had someone apply who had a distinctive username that returned a handful of results via a careful google search. Almost all of them were to "alt.drugs.bongmaking" or something similar.
I didn't care whether the guy/girl had used drugs, but about the complete lack of discretion in the posts. He had actually used his full name and detailed personal information that positively identified him as our applicant. Really sad, and not the only time something like that has happened.
...don't get online. Don't post more info about yourself than you want to have distributed. Don't assume your username or password gives you any anonymity. If you're concerned about tracking, use a password manager and use a unique username/password for every site. If you're not that concerned, use 3-5 different user names with different passwords, they may be able to link some of your info, but not all of it.
make imaginary.friends COUNT=100 VISIBLE=false
You see, that's really THE WHOLE POINT of using the same username in multiple venues. In fact, it's the whole point of having a publicly visible username at all.
It's there to promote continuity between your various posts. It builds a "brand identity", if that's a phrase that you can use without wanting to punch yourself. If that wasn't what you were trying to do then you shouldn't have registered a user name in the first place.
Its called 'online presence' and it kind of the point isn't it?
This kind of tracking is easy to avoid. Just do like me and never post on discussion forums like this one.
For every post, there is an equal and opposite re-post.
why would anyone wish to hide what brand of jeans they like to wear?
Because it's none of their business?
I for one would very much prefer that marketers and ad networks had a good picture of my product preferences so that instead of ads for mortgage refinancing and painfully unfunny t-shirts, I would get advertisements for things that I might actually be interested in.
There are ads on the Internet?
Don't look now but you just admitted to being a VB programmer on /.
Prepare yourself for heaps of abuse.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
Trying to hide from the marketers is almost a Hobson's choice. If I want to obscure my identity, I must:
- Use multiple identities. Complexity and failure due to other means of tracking me make this fairly pointless.
- Stop using cloud-based services. There goes Gmail and a bunch of other stuff. So I should be running my own webmail gizmo?
- Opt-out of all marketing opportunities. Sure, and opting out is actually respected by how many? ESPN keeps turning video autoplay back on when I go there, as if they are going to respect my opting out of newsletters, sharing with other entities that have 'items of interest' to me.
- Unsubscribe from services when I'm done with the business at hand. And re-enroll two weeks later. Nice, I get to play whack-a-userID as much as I do the thing I actually wanted to do.
So I don't bother. I'm fairly immune to the sidebar ads I get, I never respond to spam ads, and I am now tending to avoid retailers that obviously use deceptive means to target me. Screw 'em.
As an example of hilarity; I looked into getting a used shipping container a few months ago to use for storage. Turns out even old beatup ones are pretty expensive. For weeks after that, I would see sidebar ads for shipping containers 'everywhere'. Even today I coudl get one if I go to the 'wrong' site. I was never seriously in the market for containers, but it's a competitive market, and they are persistent.
Another example; I made the rare mistake of going to a buy.com (or was it nextag.com?) link for an item. Aw, crap. Now I get those ads all the time. But I recognize them schlepping me ads for 'djebme strap' and ignore them.
A final example; How often have I actually clicked a link to nextag.com to look for something specific, as a last resort, and find that they actually don't have ANY sources, but 'check back real soon'! Argh. And you can be sure I'll be peppered with ads for that item for a while. Grrr.
It's a lot like old fashioned junk mail, except I don't even need to carry it to the dumpster. It could be worse.
And it probably is. My only fear is that I will eventually get categorized, and red-lined so that I never see ads for what I actually want, but I see ads that are shoveling me something I don't want, but 'they' are trying to steer me to. This is entirely illegal in financing, but not quite yet in retailing. We'll see if it should be or not.
deleting the extra space after periods so i can stay relevant, yeah.
Sure, if some jerk has it out for you and you get stuck in one of these nets you'll never escape.
Big Picture, we're thrashing through a ton of social change with this here Net thingie.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
So my online user name may identify in multiple places just like my real name allows people to know who I am? Who would have imagined that?
no comment
I use Yvan256 for Slashdot, Yvan257 for Twitter, Yvan258 for Facebook, etc. No criminal mastermind could ever crack my username pattern!
Exactly the same as it putting out 'MaskedS'. Or '1234567'. Or 'b5c2502'.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
A Real Man who wants to visit websites will load each site in a separate browser instance with a unique agent string and a different browser vendor and build each time with all cookies and scripts (1st, 2nd, 3rd, 87th party, etc.) hard-blocked, and only from within a series of totally unique VM environments of no less than Windows XP (Home and Pro), Vista (all 4,556 varieties), Win 7 (all varieties) and no less than 1,396 versions and flavors of Linux or Unix derived operating systems, and each randomly selected for each site visit, which are only done from a Tor onion connection running inside of the VM, which is in turn routed through a Tor onion connection running from the top-level main desktop that you're doing all this from, and each VM is promptly rolled back to pre-website status after your visit is done--and that's for EVERY SINGLE VISIT. ANYTHING LESS THAN THIS LETS THE INTERNET RAYS PENETRATE YOUR TINFOIL THINKING CAP.
Dude, where's my packet?
So what if spammers track and profile me? I'm not buying their erection pills anyway.
Mod Me Up. You'll make a grown man cry.
I'm neminem here, there and everywhere (unless that name contains capitalization in a location where capitalization isn't forced, in which case I'm not. I'm not, for instance, NemineM.) Marketers: go ahead and do what you like, I'm ignoring you anyway. Why should I care?